CN111723347B - Identity authentication method, identity authentication device, electronic equipment and storage medium - Google Patents
- Publication number
- CN111723347B
- Authority
- CN
- China
- Prior art keywords
- user
- service
- authentication
- plaintext
- service provider
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Description
Technical field
The present invention relates to the field of blockchain information technology, and in particular to an identity authentication method, an identity authentication device, electronic equipment and a storage medium.
Background
Many kinds of services exist on the Internet. Users have to register a separate account for each service they use and manage a large number of accounts, while every service provider has to build its own user-management back end. As a result, users must authenticate and log in with a different account for each service, and each service provider must build its own back end to handle user authentication. This adds to the effort users spend telling their accounts apart, and to the burden on service providers of building separate back ends.
Summary of the invention
To address the problems in the prior art, embodiments of the present invention provide an identity authentication method, device, electronic equipment and storage medium.
In a first aspect, an embodiment of the present invention provides an identity authentication method, including:
obtaining a user authentication request, obtaining a user signature from the user authentication request, and verifying the user signature;
after the verification succeeds, retrieving from a smart contract, according to a pre-stored service name, the user binding information corresponding to the service account, wherein the service name is the unique name of the service provided by the service provider, the user binding information is the user information, encrypted with a first public key, of the users who use the service provided by the service provider, and the first public key is the public key registered when the service provider provides the service;
obtaining, from the user binding information, the user list corresponding to the user binding information;
determining, according to the user list, the authentication result corresponding to the user authentication request;
wherein the smart contract is deployed on a blockchain.
Further, the user list is obtained by configuring the to-be-bound user information based on the smart contract and a service policy, wherein the service policy is obtained by configuring service registration information based on the smart contract; the service registration information is the registration information set when the service provider registers the service.
Further, the smart contract includes a service table and a user table; correspondingly, the user list is obtained by configuring the to-be-bound user information based on the user table and the service policy, and the service policy is obtained by configuring the service level information based on the service table.
Further, the user signature includes a first plaintext and a ciphertext, the ciphertext being the result of encrypting a second plaintext with a second private key, and the second private key being the private key registered when the user uses the service provided by the service provider; correspondingly, verifying the user signature includes:
decrypting the ciphertext with a pre-stored second public key to obtain the second plaintext, the second public key being the public key registered when the user uses the service provided by the service provider;
when the first plaintext and the second plaintext are determined to match, the verification of the user signature succeeds.
Further, obtaining the user list corresponding to the user binding information according to the user binding information includes:
decrypting the user binding information with a pre-stored first private key to obtain the user list, the first private key being the private key registered when the service provider provides the service.
Further, determining the authentication result corresponding to the user authentication request according to the user list includes:
matching the successfully matched first plaintext against the user list and, if the first plaintext is found in the user list, generating an authentication result indicating successful authentication.
In a second aspect, an embodiment of the present invention provides an identity authentication device, including:
an acquisition module, configured to obtain a user authentication request, obtain a user signature from the user authentication request, and verify the user signature;
a calling module, configured to retrieve from a smart contract, after the verification succeeds and according to a pre-stored service name, the user binding information corresponding to the service account, wherein the service name is the unique name of the service provided by the service provider, the user binding information is the user information, encrypted with a first public key, of the users who use the service provided by the service provider, and the first public key is the public key registered when the service provider provides the service;
a processing module, configured to obtain, from the user binding information, the user list corresponding to the user binding information;
an authentication module, configured to determine, according to the user list, the authentication result corresponding to the user authentication request;
wherein the smart contract is deployed on a blockchain.
Further, the user list is obtained by configuring the to-be-bound user information based on the smart contract and a service policy, wherein the service policy is obtained by configuring service registration information based on the smart contract; the service registration information is the registration information set when the service provider registers the service.
In a third aspect, an embodiment of the present invention provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the above identity authentication method when executing the program.
In a fourth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium on which a computer program is stored, wherein the steps of the above identity authentication method are implemented when the computer program is executed by a processor.
With the identity authentication method, device, electronic equipment and storage medium provided by the embodiments of the present invention, once the user signature presented when the user accesses a service has been verified, the encrypted user binding information stored in the smart contract is decrypted, and the legitimacy of the user's access is checked against the decrypted user list to complete the authentication. A user who wants to access services securely only needs to maintain the public and private keys of one blockchain account, which can be bound to any service. A service provider, after registering its service in the smart contract, can complete authentication by retrieving the user list from the smart contract, and no longer needs to build its own back end to manage users.
Description of drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an embodiment of the identity authentication method of the present invention;
Fig. 2 is a diagram of the interaction among the contract creator, the user and the authenticator of the present invention;
Fig. 3 is a sequence diagram of the smart contract deployment and setup process of the present invention;
Fig. 4 is an interaction sequence diagram of the service provider registration process of the present invention;
Fig. 5 is an interaction sequence diagram of the user service-binding process of the present invention;
Fig. 6 is an interaction sequence diagram of the identity authentication process of the present invention;
Fig. 7 is a specific interaction sequence diagram of the identity authentication method of the present invention;
Fig. 8 is another specific interaction sequence diagram of the identity authentication method of the present invention;
Fig. 9 is a further specific interaction sequence diagram of the identity authentication method of the present invention;
Fig. 10 is a structural diagram of an embodiment of the identity authentication device of the present invention;
Fig. 11 is a structural diagram of an embodiment of the electronic device of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.
Fig. 1 shows an identity authentication method provided by an embodiment of the present invention, including:
S11. Obtain a user authentication request, obtain a user signature from the user authentication request, and verify the user signature;
S12. After the verification succeeds, retrieve from the smart contract, according to the pre-stored service name, the user binding information corresponding to the service account;
S13. Obtain, from the user binding information, the user list corresponding to the user binding information;
S14. Determine, according to the user list, the authentication result corresponding to the user authentication request.
Regarding steps S11 to S14, it should be noted that in the embodiment of the present invention the method is applied in the blockchain field, and a smart contract is used to configure and store the information submitted by users and service providers. The smart contract provides a standardized protocol for collecting and querying data, and has to be developed by the contract creator.
In the embodiment of the present invention, the identity authentication method applies to the interaction among the contract creator, the smart contract, the user, the client, the service provider and the authenticator, shown schematically in Fig. 2. In Fig. 2, the contract creator is responsible for deploying and initializing the smart contract on the blockchain. The authenticator is managed by the service provider and is responsible for verifying users' authentication requests; it can be a dedicated authentication server or an IoT device with an embedded authentication module. The client is managed by the user and is responsible for signing and initiating authentication requests; it can be a computer, smart device or the like used by the user.
In the embodiment of the present invention, the sequence diagram of the smart contract deployment and setup process is shown in Fig. 3. In Fig. 3, the contract creator initiates a transaction to deploy the smart contract. Once the smart contract has been deployed to the blockchain, the contract parameters are initialized, including the global state table, the user table, the service table and so on; the specific contract parameters are not limited here. After the contract has been initialized, the contract creator can set the contract's permissions as the situation requires. The contract permission can be a single permission, a multi-signature permission or a black hole permission. Single permission means the contract belongs to the contract creator, who can modify and extend it at any time. Multi-signature permission means a modification of the contract can only be completed with the joint signed consent of multiple parties. Black hole permission means the contract belongs to no party; once this permission is set, the contract can no longer be modified.
In the embodiment of the present invention, the interaction sequence diagram of the service provider registration process is shown in Fig. 4. In Fig. 4, the service provider initiates the service registration process from its terminal and sends service registration information to a node server on the blockchain. The service registration information is the registration information set when the service provider registers the service. Every node server holds the smart contract created above. On the node server, the smart contract automatically configures the service registration information according to the service table in the contract, producing the required service policy. The service policy includes the various conditions associated with the service, such as service permissions, service fees, service membership levels and service access entry points, which are not all listed here.
In the embodiment of the present invention, the interaction sequence diagram of the user service-binding process is shown in Fig. 5. In Fig. 5, the user initiates the service-binding process from the user's terminal and sends the to-be-bound user information to a node server on the blockchain. The to-be-bound user information is the binding information set when the user uses the service. Every node server holds the smart contract created above. On the node server, the smart contract automatically configures the to-be-bound user information according to the user table and the service policy in the contract, producing the user list. The user list contains the binding information of all users of a given service, such as the user membership level, the minimum service fee and the user account, which are not all listed here. The user list is encrypted with the service provider's public key to produce the user binding information, which no one other than the service provider can obtain.
In the embodiment of the present invention, the interaction sequence diagram of the user authentication process is shown in Fig. 6. In Fig. 6, the service provider provides a service (for example, a mailbox service), and the authenticator it manages authenticates users when they access that mailbox. To do so, the user sends a user authentication request from the user terminal to the authenticator. After receiving the user authentication request, the authenticator processes it to obtain the user signature.
The user signature has to be verified first, to confirm that the user authentication request was sent by the corresponding user.
After successfully verifying the user signature, the authenticator retrieves the user binding information stored in the smart contract from the blockchain according to the pre-stored service name. Because the authenticator is managed by the service provider, it stores the service name of the service being provided. For example, if the service provided is a mailbox service, the service name may be "A mailbox". The smart contract, for its part, stores the user binding information of many services. Once the user signature has been verified, the user binding information stored in the smart contract can therefore be retrieved from the blockchain according to the service name.
The user binding information is the user information of the users of the service, encrypted with the public key registered when the service provider provides the service. After the user binding information has been obtained, it therefore has to be decrypted with the private key registered when the service provider provides the service to obtain the corresponding user list. The legitimacy of the user's access is then checked against the user list to complete the authentication.
With the identity authentication method provided by the embodiment of the present invention, once the user signature presented when the user accesses a service has been verified, the encrypted user binding information stored in the smart contract is decrypted, and the legitimacy of the user's access is checked against the decrypted user list to complete the authentication. A user who wants to access services securely only needs to maintain the public and private keys of one blockchain account, which can be bound to any service. A service provider, after registering its service in the smart contract, can complete authentication by retrieving the user list from the smart contract, and no longer needs to build its own back end to manage users.
A further embodiment of the above method mainly elaborates on steps S11 and S12, as follows:
Obtain the user authentication request, obtain the first plaintext and the ciphertext from the user authentication request, and decrypt the ciphertext with the pre-stored second public key to obtain the second plaintext. When the first plaintext and the second plaintext are determined to match, the verification of the user signature succeeds, and the user binding information corresponding to the service account is retrieved from the blockchain according to the service account.
In the embodiment of the present invention, when a user accesses a service, a user authentication request is sent to the authenticator, and parsing the request yields the first plaintext and the ciphertext. A plaintext is a character string that has not been encrypted. A ciphertext is the character string that results from encrypting a plaintext. The plaintext can be the user's public key (that is, the second public key), or other information that uniquely matches an entry when the user list is queried, such as the user's account or the user's ID card.
The authenticator stores the second public key, which is the public key corresponding to the user, that is, the public key the user obtained in the course of using the service. The authenticator decrypts the ciphertext with the pre-stored second public key to obtain the second plaintext. It then compares the second plaintext with the first plaintext; a successful match (the first plaintext and the second plaintext are the same character string) means the user signature has been verified. After the verification succeeds, the user binding information corresponding to the service name is retrieved from the smart contract on the blockchain according to the service name.
A further embodiment of the above method mainly elaborates on step S13, as follows:
Decrypt the user binding information with the pre-stored first private key to obtain the user list.
In the embodiment of the present invention, after obtaining the user binding information, the authenticator decrypts it with the pre-stored first private key corresponding to the service provider. Because the user binding information is encrypted with the first public key corresponding to the service provider, it can be decrypted with the private key, which yields the corresponding user list. The user list contains the information of all users who use the service provided by the service provider.
In a further embodiment of the method, the user list holds user information. The successfully verified first plaintext is therefore matched against the user list. If the first plaintext is found in the user list, an authentication result indicating that user authentication succeeded is generated; otherwise, an authentication result indicating that user authentication failed is generated.
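The S11 to S14 flow described above, as an added example that is not code from the patent, written in JavaScript for Node.js with its built-in crypto module. Assumptions not stated in the patent: RSA-2048 keys, RSA-PSS signature verification standing in for "decrypt with the second public key and compare", RSA-OAEP encryption of each bound identifier under the first public key, a SHA-256 fingerprint of the user's public key as the first plaintext, and the hypothetical names IdentityContract, Authenticator, buildAuthRequest and userIdOf; the contract is an in-memory stand-in for the on-chain one.

```javascript
'use strict';
const crypto = require('crypto');

// Padding choices are assumptions of this example; the patent names no algorithm.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const PSS = { padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
              saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST };

const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// "First plaintext": an identifier that uniquely matches a user-list entry.
// Here (assumption) it is the SHA-256 fingerprint of the user's public key.
function userIdOf(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// In-memory stand-in for the smart contract: a service table keyed by unique service name.
class IdentityContract {
  constructor() { this.serviceTable = new Map(); }

  registerService(serviceName, providerPublicKey) {
    if (this.serviceTable.has(serviceName)) throw new Error('service name must be unique');
    this.serviceTable.set(serviceName, { providerPublicKey, bindings: [] });
  }

  // Binding: the identifier is stored only in encrypted form, under the first public key.
  bindUser(serviceName, userId) {
    const svc = this.serviceTable.get(serviceName);
    if (!svc) throw new Error('unknown service');
    svc.bindings.push(
      crypto.publicEncrypt({ key: svc.providerPublicKey, ...OAEP }, Buffer.from(userId, 'utf8')));
  }

  getBindingInfo(serviceName) {
    const svc = this.serviceTable.get(serviceName);
    return svc ? svc.bindings.slice() : [];
  }
}

// Client: the user signature is the first plaintext plus a signature by the second private key.
function buildAuthRequest(userKeys) {
  const firstPlaintext = userIdOf(userKeys.publicKey);
  const signature = crypto.sign('sha256', Buffer.from(firstPlaintext, 'utf8'),
                                { key: userKeys.privateKey, ...PSS });
  return { firstPlaintext, signature };
}

// Authenticator, managed by the service provider.
class Authenticator {
  constructor(serviceName, providerPrivateKey, contract) {
    this.serviceName = serviceName;               // pre-stored service name
    this.providerPrivateKey = providerPrivateKey; // pre-stored first private key
    this.contract = contract;
    this.knownUserKeys = new Map();               // pre-stored second public keys
  }

  enrollUserKey(publicKey) { this.knownUserKeys.set(userIdOf(publicKey), publicKey); }

  authenticate(request) {
    // S11: verify the user signature with the pre-stored second public key.
    const userKey = this.knownUserKeys.get(request.firstPlaintext);
    if (!userKey) return { ok: false, reason: 'unknown-key' };
    const valid = Buffer.isBuffer(request.signature) &&
      crypto.verify('sha256', Buffer.from(request.firstPlaintext, 'utf8'),
                    { key: userKey, ...PSS }, request.signature);
    if (!valid) return { ok: false, reason: 'bad-signature' };
    // S12: fetch the encrypted user binding information by service name.
    const bindingInfo = this.contract.getBindingInfo(this.serviceName);
    // S13: decrypt it with the first private key to recover the user list.
    const userList = new Set(bindingInfo.map((c) =>
      crypto.privateDecrypt({ key: this.providerPrivateKey, ...OAEP }, c).toString('utf8')));
    // S14: the request is authenticated only if the first plaintext is in the user list.
    return userList.has(request.firstPlaintext)
      ? { ok: true, reason: 'bound' }
      : { ok: false, reason: 'not-bound' };
  }
}

// Constructed scenario: alice is bound to "A mailbox", bob has a key but no binding.
function demo() {
  const provider = newKeyPair();
  const alice = newKeyPair();
  const bob = newKeyPair();
  const contract = new IdentityContract();
  contract.registerService('A mailbox', provider.publicKey);
  contract.bindUser('A mailbox', userIdOf(alice.publicKey));

  const auth = new Authenticator('A mailbox', provider.privateKey, contract);
  auth.enrollUserKey(alice.publicKey);
  auth.enrollUserKey(bob.publicKey);

  const good = buildAuthRequest(alice);
  // alice's identifier paired with a signature made by bob's key must fail at S11.
  const mismatched = { firstPlaintext: good.firstPlaintext,
                       signature: buildAuthRequest(bob).signature };
  return {
    alice: auth.authenticate(good),
    bobUnbound: auth.authenticate(buildAuthRequest(bob)),
    mismatched: auth.authenticate(mismatched),
  };
}

console.log(demo());
```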
As described for the authentication end and the client in the above embodiments, the authentication end may be a dedicated authentication server or an Internet of Things device with an embedded authentication module, and the client may be a computer, a smart device or the like used by the user. The authentication method is therefore explained below for the following specific cases:
The authentication method shown in FIG. 7 is applicable to traditional Internet authentication services, in which the authentication end completes the identity authentication of the user. The contract creator deploys and configures the contract. After the service provider completes service registration, the user initiates a service binding request and then accesses the service. The authentication server verifies the user signature, queries the user binding information in the contract to complete user authentication, and responds to the user's request.
The authentication method shown in FIG. 8 is applicable to an IoT device completing the identity authentication of the user. The service provider registers the IoT device in the contract and sets the device's access information and device public key information. The device is then configured so that it can read the user binding information in the contract, and the device's public-private key pair is set at the same time. Once configured, the IoT device can accept user access requests at any time.
The authentication method shown in FIG. 9 is applicable to the client's access to the service and the authentication end's identity authentication of the user. After the contract is deployed and configured, the service provider registers the service. The user queries the contract to obtain the required service information, binds the device, configures the device, and sets the public-private key pair. The user can then conveniently interact with the authentication end through the smart device.
In the identity authentication method provided by the above embodiment, after the user signature presented when the user accesses the service has been verified, the encrypted user binding information stored in the smart contract is decrypted, and the legitimacy of the user's current access is checked against the decrypted user list to complete authentication. To access services securely, the user only needs to maintain the public and private keys of one blockchain account and can bind to any service. After registering the service in the smart contract, the service provider can complete authentication by calling the user list in the smart contract and no longer needs to build its own back end for managing users.
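FIG. 10 shows a schematic structural diagram of an identity authentication device provided by an embodiment of the present invention. Referring to FIG. 10, the device includes an acquisition module 21, a verification module 22, a processing module 23 and an authentication module 24, wherein:
the acquisition module 21 is configured to obtain a user authentication request, obtain a user signature according to the user authentication request, and verify the user signature;
the calling module 22 is configured to, after verification succeeds, call from the smart contract, according to the pre-stored service name, the user binding information corresponding to the service account, wherein the service name is the unique name corresponding to the service provided by the service provider, the user binding information is the user information, encrypted with the first public key, of the users who use the service provided by the service provider, and the first public key is the public key registered when the service provider provides the service;
the processing module 23 is configured to obtain, according to the user binding information, the user list corresponding to the user binding information;
the authentication module 24 is configured to determine, according to the user list, the authentication result corresponding to the user authentication request;
wherein the smart contract is deployed on the blockchain.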
In a further embodiment of the device of the above embodiment, the user list is obtained by setting the information of the user to be bound based on the smart contract and the service policy, wherein the service policy is obtained by setting the service registration information based on the smart contract, and the service registration information is the registration information set when the service provider registers the service.
In a further embodiment of the device of the above embodiment, the smart contract includes a service table and a user table. Correspondingly, the user list is obtained from the information of the user to be bound based on the user table and the service policy, and the service policy is obtained by setting the service level information based on the service table.
In a further embodiment of the device of the above embodiment, the user signature includes a first plaintext and an encrypted text. The encrypted text is the file obtained by encrypting the second plaintext with the second private key, and the second private key is the private key registered when the user uses the service provided by the service provider. Correspondingly, the acquisition module is specifically configured to:
decrypt the encrypted text with the pre-stored second public key to obtain the second plaintext, the second public key being the public key registered when the user uses the service provided by the service provider;
determine that verification of the user signature has succeeded when the first plaintext and the second plaintext match.
In a further embodiment of the device of the above embodiment, the processing module is specifically configured to:
decrypt the user binding information according to the pre-stored first private key to obtain the user list, the first private key being the private key corresponding to the service provider.
In a further embodiment of the device of the above embodiment, the authentication module is specifically configured to:
match the first plaintext against the user list and, when it is determined that the first plaintext exists in the user list, generate an authentication result of successful authentication.
Because the device described in this embodiment of the present invention works on the same principle as the method described in the above embodiments, the more detailed explanations are not repeated here.
It should be noted that, in the embodiments of the present invention, the related functional modules may be implemented by a hardware processor.
In the identity authentication device provided by this embodiment of the present invention, after the user signature presented when the user accesses the service has been verified, the encrypted user binding information stored in the smart contract is decrypted, and the legitimacy of the user's current access is checked against the decrypted user list to complete authentication. To access services securely, the user only needs to maintain the public and private keys of one blockchain account and can bind to any service. After registering the service in the smart contract, the service provider can complete authentication by calling the user list in the smart contract and no longer needs to build its own back end for managing users.
FIG. 11 illustrates a schematic diagram of the physical structure of an electronic device. As shown in FIG. 11, the electronic device may include a processor 31, a communications interface 32, a memory 33 and a communication bus 34, wherein the processor 31, the communications interface 32 and the memory 33 communicate with one another via the communication bus 34. The processor 31 may call logic instructions in the memory 33 to execute the following method: obtaining a user authentication request, obtaining a user signature according to the user authentication request, and verifying the user signature; after verification succeeds, calling from the smart contract, according to the pre-stored service name, the user binding information corresponding to the service account, wherein the service name is the unique name corresponding to the service provided by the service provider, the user binding information is the user information, encrypted with the first public key, of the users who use the service provided by the service provider, and the first public key is the public key registered when the service provider provides the service; obtaining, according to the user binding information, the user list corresponding to the user binding information; and determining, according to the user list, the authentication result corresponding to the user authentication request.
In addition, the above logic instructions in the memory 33 may be implemented in the form of software functional units and, when sold or used as an independent product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to execute all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes any medium capable of storing program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
An embodiment of the present invention also provides a non-transitory computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program carries out the methods provided by the above embodiments, for example including: obtaining a user authentication request, obtaining a user signature according to the user authentication request, and verifying the user signature; after verification succeeds, calling from the smart contract, according to the pre-stored service name, the user binding information corresponding to the service account, wherein the service name is the unique name corresponding to the service provided by the service provider, the user binding information is the user information, encrypted with the first public key, of the users who use the service provided by the service provider, and the first public key is the public key registered when the service provider provides the service; obtaining, according to the user binding information, the user list corresponding to the user binding information; and determining, according to the user list, the authentication result corresponding to the user authentication request.
From the above description of the implementations, those skilled in the art can clearly understand that each implementation can be realized by software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution in essence, or the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product may be stored in a computer-readable storage medium, such as a ROM/RAM, a magnetic disk or an optical disc, and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments or in certain parts of the embodiments.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (7)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010486110.9A CN111723347B (en) | 2020-06-01 | 2020-06-01 | Identity authentication method, identity authentication device, electronic equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111723347A (en) | 2020-09-29 |
CN111723347B (en) | 2023-06-06 |
Family
ID=72565730
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010486110.9A Active CN111723347B (en) | 2020-06-01 | 2020-06-01 | Identity authentication method, identity authentication device, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111723347B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114723452B (en) * | 2021-01-05 | 2025-09-02 | 中国移动通信有限公司研究院 | Payment account information query method, device, platform and system based on blockchain |
CN113849796B (en) * | 2021-11-30 | 2022-05-06 | 南京可信区块链与算法经济研究院有限公司 | Intelligent communication water affair Internet of things remote monitoring control method, system and block chain system |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104580250A (en) * | 2015-01-29 | 2015-04-29 | 成都卫士通信息产业股份有限公司 | System and method for authenticating credible identities on basis of safety chips |
CN108234515A (en) * | 2018-01-25 | 2018-06-29 | 中国科学院合肥物质科学研究院 | A kind of Self-certified digital identity management system and its method based on intelligent contract |
CN108684041A (en) * | 2018-05-31 | 2018-10-19 | 上海邑游网络科技有限公司 | The system and method for login authentication |
CN109327475A (en) * | 2018-11-30 | 2019-02-12 | 深圳市元征科技股份有限公司 | A kind of multilayer identity identifying method, device, equipment and storage medium |
CN109347799A (en) * | 2018-09-13 | 2019-02-15 | 深圳市图灵奇点智能科技有限公司 | A kind of identity information management method and system based on block chain technology |
CN109862041A (en) * | 2019-03-27 | 2019-06-07 | 深圳市网心科技有限公司 | A digital identity authentication method, device, device, system and storage medium |
CN109903046A (en) * | 2019-02-02 | 2019-06-18 | 中国互联网络信息中心 | User data management and device based on block chain |
CN109983466A (en) * | 2018-09-27 | 2019-07-05 | 区链通网络有限公司 | A kind of account management system and management method, storage medium based on block chain |
CN110457878A (en) * | 2019-08-14 | 2019-11-15 | 北京中电普华信息技术有限公司 | A blockchain-based identity authentication method, device and system |
CN111031053A (en) * | 2019-12-17 | 2020-04-17 | 迈普通信技术股份有限公司 | Identity authentication method and device, electronic equipment and readable storage medium |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR3079323B1 (en) * | 2018-03-26 | 2020-04-17 | Commissariat A L'energie Atomique Et Aux Energies Alternatives | METHOD AND SYSTEM FOR ACCESSING ANONYMISED DATA |
Non-Patent Citations (1)
Title |
---|
周艺华 ; 李洪明 ; .基于区块链的数据管理方案.信息安全研究.2020,(第01期),全文. * |
Also Published As
Publication number | Publication date |
---|---|
CN111723347A (en) | 2020-09-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111429254B (en) | Business data processing method and device and readable storage medium | |
US11184336B2 (en) | Public key pinning for private networks | |
US20190281028A1 (en) | System and method for decentralized authentication using a distributed transaction-based state machine | |
US8196186B2 (en) | Security architecture for peer-to-peer storage system | |
CN106534175B (en) | Open platform authorization and authentication system and method based on OAuth protocol | |
KR102254499B1 (en) | Method for oauth service through blockchain, and terminal and server using the same | |
CN111027035B (en) | Multi-identity authentication method and system based on block chain | |
KR101985179B1 (en) | Blockchain based id as a service | |
EP3659295A1 (en) | Authentication token with client key | |
CN104753674B (en) | A kind of verification method and equipment of application identity | |
US20200196143A1 (en) | Public key-based service authentication method and system | |
DK2414983T3 (en) | Secure computer system | |
CN105634743A (en) | Authentication method used for open interface calling | |
CN108604990A (en) | The application method and device of local authorized certificate in terminal | |
KR20190114433A (en) | Method for oauth service through blockchain, and terminal and server using the same | |
CN114553480A (en) | Cross-domain single sign-on method and device | |
CN107347073B (en) | A kind of resource information processing method | |
CN112383401B (en) | User name generation method and system for providing identity authentication service | |
CN111723347B (en) | Identity authentication method, identity authentication device, electronic equipment and storage medium | |
CN111970122A (en) | Official APP identification method, mobile terminal and application server | |
CN105577606B (en) | A kind of method and apparatus for realizing authenticator registration | |
CN103107881B (en) | Access method, device and system of smart card | |
JP6783527B2 (en) | Electronic key re-registration system, electronic key re-registration method and program | |
CN118802159A (en) | Authentication and authorization method, device, electronic device, storage medium and product | |
CN114398620B (en) | Single sign-on method, system, electronic device and readable medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||